CDN:Limits

Item

Limits

Security violations

Alibaba Cloud reviews the content served on all accelerated domain names. Domain names that cannot be accelerated by Alibaba Cloud CDN include but are not limited to:

• Domain names of websites whose content is inaccessible or does not provide valid information

• Domain names that point to illegal private game servers

• Domain names of websites that provide multiplayer role-playing games and card games

• Domain names of websites that provide downloads of pirated content, including pirated software, books, videos, and comics

• Domain names of peer-to-peer (P2P) lending websites

• Domain names of unofficial lottery websites

• Domain names of unlicensed hospitals and pharmaceuticals websites

• Domain names of websites that contain illicit content, such as pornography, drugs, and gambling

Burst bandwidth/QPS throttling rules

According to the Alibaba Cloud International Website Product Terms of Service, if you expect traffic or QPS spikes, including but not limited to on stress tests on bandwidth or QPS, promotional activities, and major releases, on Alibaba Cloud CDN-accelerated services, you need to contact your account manager or contact us to apply for burst bandwidth at least three business days in advance. For major events including but not limited to the Spring Festival Gala and Double 11 Global Shopping Festival, you need to apply for burst bandwidth at least one month in advance.

• If the application is approved, the availability of your services is guaranteed when the burst bandwidth is within the level agreed upon by both parties.

• If you do not apply for burst bandwidth or the application is rejected, Alibaba Cloud reserves the right to take measures such as bandwidth throttling to ensure service-level stability for other Alibaba Cloud customers. Bandwidth throttling is not necessarily triggered. Alibaba Cloud determines whether to enable bandwidth throttling based on service conditions and the level of the burst bandwidth. Alibaba Cloud is not responsible for the reduced availability caused by the measures.

• If you do not apply for burst bandwidth or the application is rejected, the following issues may occur:

  • Burst bandwidth may trigger throttling rules of Alibaba Cloud CDN. For more information, see Burst bandwidth.

  • Burst QPS may trigger HTTP flood protection rules of Alibaba Cloud CDN. In this case, the domain name may be added to a sandbox. For more information, see Introduction to sandboxes.

Potential risks of domain name attacks or data transmission abuse

By default, Alibaba Cloud CDN does not provide access control or security protection capabilities. If your domain name is attacked or abused for data transmission, high bandwidth or traffic spikes may occur. In this case, you may receive bills that are higher than expected.

High bills that are generated by malicious attacks or data transmission abuse cannot be waived or refunded. For information about how to prevent high bills from being generated, see Configure high bill alerts.

The domain name is added to the sandbox.

Sandbox: If an accelerated domain name is under attack, such as DDoS attacks or HTTP flood attacks, or faces significant increases in bandwidth or QPS due to traffic spikes that have not been reported to Alibaba Cloud, Alibaba Cloud CDN has the right to determine whether to add the attacked domain name to a sandbox based on factors such as the service status of the domain name and the impact of the attack. This ensures that the acceleration services of other users can work as expected. For more information, see Introduction to sandboxes. If the attack is severe, other accelerated domain names in the same account are also added to the sandbox, and new domain names cannot be added to the account.

Item

Limits

Domain name requirements

• The domain name must be 1 to 67 characters in length.

• The domain name can contain lowercase letters, digits, and hyphens (-). Example: example.com.

• The domain name cannot contain Chinese characters, uppercase letters, or special characters other than hyphens (-). The domain name cannot be a hyphen (-). The domain name cannot contain consecutive hyphens (-). The domain name cannot start or end with a hyphen (-). If the domain name contains Chinese characters such as 阿里云.网址, you must perform ICP filing for the Chinese domain name. Then, use the Punycode tool to convert the domain name into English characters such as xn--fiq****.xn--eq****. Specify the converted domain name as the domain name to be accelerated.

Requirements for wildcard domain names

• Alibaba Cloud CDN supports wildcard domain names. For information about the limits on wildcard domain names, see Does Alibaba Cloud CDN support wildcard domain names?

• The wildcard domain name that you specify and the domain names that match the wildcard domain name must belong to the same Alibaba Cloud account. Otherwise, an error message appears when you add domain names.

• If a wildcard domain name has not been added to an Alibaba Cloud account, you are allowed to add the subdomains of the wildcard domain name to multiple Alibaba Cloud accounts.

• If you add a wildcard domain name such as .aliyundoc.com and matching specific domain names such as example.aliyundoc.com to Alibaba Cloud CDN, only the first 500 specific domain names can be accelerated by Alibaba Cloud CDN.

  Note

  The first 500 specific domain names that match the wildcard domain name can be accelerated by Alibaba Cloud CDN.

• If your accelerated domain name is a wildcard domain *.example.com, the second-level subdomain www.example.com can be accelerated, but the second-level root domain example.com cannot be accelerated. You can configure an accelerated domain name for the second-level root domain example.com.

ICP filing requirements for domain names

ICP filing: If you set the acceleration region of a domain name to Global or Chinese Mainland Only, you must apply for an ICP number for the domain name. We recommend that you use Alibaba Cloud ICP Filing System to apply for ICP numbers. For more information, see Check the instance for ICP filing and access information.

Quantity limits

• Each Alibaba Cloud account can add up to 50 domain names to Alibaba Cloud CDN.

  Note

  If the average daily peak bandwidth of your domain names exceeds 50 Mbit/s, you can request to add more domain names by following the method that is described in Quota management. Make sure that the increase in domain names does not cause business risks.

• You cannot add domain names that have been added to other Alibaba Cloud services. If you want to transfer an Alibaba Cloud CDN-accelerated domain name to another Alibaba Cloud account, verify the ownership of the domain name first. For more information, see Transfer a domain name to another Alibaba Cloud account. If the system prompts that the domain name is added to other Alibaba Cloud services such as ApsaraVideo VOD and DCDN, submit a ticket.

Limits on domain name reclaiming /unsubscribing

• Domain name reclaiming: If your domain name is disabled for 120 days, Alibaba Cloud CDN deletes the configuration records that are related to the domain name. This rule also applies to domain names that fail ownership verification. If you want to continue using the domain name, you must go to the Alibaba Cloud CDN console to add the domain name again.

• Domain name disabling: For more information, see Rules for disabling accelerated domain names.

Item

Limits

Origin address length

A domain name cannot exceed 67 characters in length.

Number of origin severs

You can add a maximum of 20 origin server addresses for each domain name.

OSS domain

• Select the public domain name of OSS under the same account as the origin server from the drop-down list.

• Enter the public domain name of Alibaba Cloud OSS as the origin server. You cannot use the internal domain name. For example, ***.oss-cn-hangzhou.aliyuncs.com. See the public domain name of OSS in the OSS console.

IP

• You can configure one or more IP addresses for an origin server. Internal IP addresses are not supported. IPv4 addresses and IPv6 addresses are supported. At least one of the IP addresses must be an IPv4 address. If you use a public IP address of an Alibaba Cloud Elastic Compute Service (ECS) instance as the address of the origin server, the IP address is exempt from manual review. You need to enable origin fetch over IPv6 before you configure an IPv6 address. Otherwise, even if you configure an IPv6 address, it does not take effect. As a result, origin fetch fails. For more information, see Configure origin fetch over IPv6.

• For more information about how to set the origin type to IP, see Alibaba Cloud Content Delivery Network Accelerate ECS Resources.

Origin domain name

You can enter the domain name of an origin server. To configure multiple domain names, repeat the preceding steps.

Function compute domain

Function Compute Domain: Enter a Function Compute domain name that belongs to the current Alibaba Cloud account. If you select this option, you need to configure the Region and Domain Name parameters. For more information, see Configure a custom domain name.

Item

Limits

Length of HTTP request headers in origin requests

An HTTP request header cannot exceed 300 bytes.

Origin request timeout

By default, the timeout period for origin requests that are transmitted over Transmission Control Protocol (TCP) is 10 seconds. The timeout period for over HTTP is 30 seconds.

Content-Type

If the origin server does not return the Content-Type header, Alibaba Cloud CDN automatically adds the Content-Type:application/octet-stream header.

Automatic conversion from HEAD to GET for back-to-origin requests

By default, Alibaba Cloud CDN POPs convert HEAD requests to GET requests before the requests are redirected to the origin server. If you want POPs to redirect HEAD requests to the origin server, you can submit a ticket.

Default string format conversion of origin request header

Item

Limits

Cache purge

• Purge by URL: 10,000 URLs per day for each Alibaba Cloud account.

• Purge by directory: 100 directories per day for each Alibaba Cloud account.

If your daily peak bandwidth exceeds 200 Mbit/s, you can request a quota increase. Alibaba Cloud determines whether to approve your application based on your business requirements. For more information, see Quota management.

File prefetch

You can prefetch files only by using URLs. Each Alibaba Cloud account can submit up to 1,000 URLs per day.

If your daily peak bandwidth exceeds 200 Mbit/s, you can request a quota increase. Alibaba Cloud determines whether to approve your application based on your business requirements. For more information, see Quota management.

Item

Limits

Restrictions on access to Global (Excluding Chinese Mainland)

If you set Region to Global (Excluding Chinese Mainland) for the accelerated domain name, Alibaba Cloud Alibaba Cloud Content Delivery Network prohibits requests from accessing Chinese Mainland POPs. In this case, requests are dispatched to POPs around Chinese Mainland, such as in Hong Kong (China), Japan, or Singapore.

Differences between Global and Global (Excluding Chinese Mainland)

1. Scope

   • Global: covers all Alibaba Cloud Content Delivery Network POPs (including Chinese Mainland) glbally, offering the broadest geographical range of services.

   • Global (Excluding Chinese Mainland): Only POPs outside the Chinese Mainland, including Hong Kong (China), Macao (China), and Taiwan (China).

2. POP scheduling policy

   • Global: The user accesses the nearest POP (including POPs in Chinese Mainland). Users in Chinese mainland may connect to the local POP with lower latency.

   • Global (Excluding Chinese Mainland): Chinese mainland POPs are excluded. Users in Chinese mainland are scheduled to POP around the Chinese mainland, such as Hong Kong (China), Japan, and Singapore, which may increase latency.

3. Access path and speed

   • Global: Users worldwide (including Chinese mainland) enjoy local acceleration and more balanced access speeds.

   • Global (excluding Chinese mainland): Priority is given to users outside mainland China and those from Hong Kong, Macao, and Taiwan. Chinese mainland users require cross-border access, the speed may be affected.

4. Scenario

   • Global: Your business is in and outside the Chinese mainland, such as the official websites of multinational enterprises or global applications.

   • Global (excluding Chinese mainland): Your target users are concentrated outside the Chinese mainland network environment, such as international media content distribution.

Size of origin HTTP response headers

The total size of HTTP response headers returned from the origin to POPs cannot exceed 32 KB. Otherwise, the HTTP 502 status code is returned.

Length of an individual URL or HTTP request header, and total length of URLs and HTTP request headers

HTTP/1.1: For the large_client_header_buffers directive, number is set to 4 and size is set to 64 KB. In this case, the length of an individual HTTP request header or an individual URL cannot exceed 64 KB. Otherwise, the HTTP 414 status code is returned. The total size of all HTTP request headers and URLs cannot exceed 256 KB. Otherwise, the HTTP 400 status code is returned.

Request method

CDN supports the following request methods: GET, PUT, POST, HEAD, and OPTION.

IoT card

According to the Notice on Printing and Distributing the Trial Implementation Guidelines for the Classification and Security Management of IoT Cards (MIIT Network Security Letter [2020] No. 1173) set forth by the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China, Alibaba Cloud CDN cannot to provide acceleration services for devices that use IoT cards in regions in the Chinese mainland. When devices that use IoT cards attempt to access POPs, the devices may fail to establish connections to the IP addresses of the POPs.

HTTPS-based access control

If a client does not transfer the Server Name Indication (SNI) information when it initiates an SSL handshake with a CDN POP, the CDN POP cannot guarantee a successful handshake.

Item

Limits

API call for each account

You can call this API up to 1,000 times per second per account. If the upper limit is reached, the following message is returned:

ErrorCode:Throttling
ErrorMessage:Request was denied due to flow control.

Item

Limits

CNAME

CNAMEs that are assigned by Alibaba Cloud CDN, DCDN, ApsaraVideo Live, or ApsaraVideo VOD are used only for domain name resolution by Alibaba Cloud CDN. If Alibaba Cloud discovers that your CNAME is used for malicious activities, Alibaba Cloud reserves the right to close your Alibaba Cloud account and remove the domain names.

Files

• File cache

  • Responses whose Cache-Control directives do not allow caching: If the request to a file whose size is larger than 100 MB is a cache miss, Alibaba Cloud CDNDCDN closes the connection after the amount of data transmitted from the origin server reaches 100 MB.

  • Responses whose Cache-Control headers allow caching: Alibaba Cloud CDN caches files up to 500 GB in size.

• File upload

  You can upload files to origin servers by using Alibaba Cloud CDN. Each file can be up to 300 MB in size.

EdgeScript

By default, you can configure only one script for each domain name. If you want to configure multiple scripts, Custom Request Header.

Feature configuration

You can add a maximum of 50 configurations, including but not limited to the following features: Custom Request Header, Custom Response Headers, Origin URL Rewrite, Parameter Rewrite, and Cache Expiration.

Gzip compression and Brotli compression

You can use the Gzip compression or Brotli compression feature to compress the files only if the size of files on the origin server ranges from 1 KB to 10 MB. Files that are smaller than 1 KB or larger than 10 MB are not compressed.